Format: 1.8
Date: Thu, 19 Mar 2015 09:57:59 -0400
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: i386 all i386_translations
Version: 0.9.8k-7ubuntu8.27
Distribution: lucid
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon <buildd@panlong.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 libssl0.9.8-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Changes: 
 openssl (0.9.8k-7ubuntu8.27) lucid-security; urgency=medium
 .
   * SECURITY UPDATE: denial of service and possible memory corruption via
     malformed EC private key
     - debian/patches/CVE-2015-0209.patch: fix use after free in
       crypto/ec/ec_asn1.c.
     - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
       freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
     - CVE-2015-0209
   * SECURITY UPDATE: denial of service via cert verification
     - debian/patches/CVE-2015-0286.patch: handle boolean types in
       crypto/asn1/a_type.c.
     - CVE-2015-0286
   * SECURITY UPDATE: ASN.1 structure reuse memory corruption
     - debian/patches/CVE-2015-0287.patch: free up structures in
       crypto/asn1/tasn_dec.c.
     - CVE-2015-0287
   * SECURITY UPDATE: denial of service via invalid certificate key
     - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
       crypto/x509/x509_req.c.
     - CVE-2015-0288
   * SECURITY UPDATE: denial of service and possible code execution via
     PKCS#7 parsing
     - debian/patches/CVE-2015-0289.patch: handle missing content in
       crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
     - CVE-2015-0289
   * SECURITY UPDATE: denial of service or memory corruption via base64
     decoding
     - debian/patches/CVE-2015-0292.patch: prevent underflow in
       crypto/evp/encode.c.
     - CVE-2015-0292
   * SECURITY UPDATE: denial of service via assert in SSLv2 servers
     - debian/patches/CVE-2015-0293.patch: check key lengths in
       ssl/s2_lib.c, ssl/s2_srvr.c.
     - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
       ssl/s2_srvr.c.
     - CVE-2015-0293
Checksums-Sha1: 
 e595911fd95e71f54f0575fd39e3c3d0e5ded28c 401238 openssl_0.9.8k-7ubuntu8.27_i386.deb
 a322e3d7b911782bec16c91169f8764fdbb81c95 653612 openssl-doc_0.9.8k-7ubuntu8.27_all.deb
 b7fb0c5360a49d3fad29684535ac596dbb9fe222 3039554 libssl0.9.8_0.9.8k-7ubuntu8.27_i386.deb
 c56ba26502a908dd9c42b9059b2f8f32affd6ae4 584064 libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.27_i386.udeb
 d8c845277dac5216796ab200c6e5962a6aa3d64d 134052 libssl0.9.8-udeb_0.9.8k-7ubuntu8.27_i386.udeb
 48ba20bcf9d8294b8e2d12dfeb6d97cfe0c63e44 2024606 libssl-dev_0.9.8k-7ubuntu8.27_i386.deb
 a4960a0910ed4ee2107a8d5012d3c3e2707935bc 5889988 libssl0.9.8-dbg_0.9.8k-7ubuntu8.27_i386.deb
 8bbaefc70c74ddbdcaf06e7549218c31305a9e2c 18529 openssl_0.9.8k-7ubuntu8.27_i386_translations.tar.gz
Checksums-Sha256: 
 69038eb61eaff8c9bd37931b58bfef20027c106b31656e5b393ef5129070dfae 401238 openssl_0.9.8k-7ubuntu8.27_i386.deb
 c4fb11b01fbd6eaa6fa90d0a6ca508f56c09c024eb3ece3b6f28fb757289ff2f 653612 openssl-doc_0.9.8k-7ubuntu8.27_all.deb
 087b58f547755b133b15dae537249661690cd888d71226b0353ac4b327e4a8af 3039554 libssl0.9.8_0.9.8k-7ubuntu8.27_i386.deb
 9a38d6cf73d02d4addcc408626e0b30c7477c942575bcde9be24035e096a1359 584064 libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.27_i386.udeb
 c14ea05d10190a466f922bc282c524e0449eedc6756843cdbfda43f86bac9f4d 134052 libssl0.9.8-udeb_0.9.8k-7ubuntu8.27_i386.udeb
 bdb4a5c0067e45802aeb8f2e78ba4b0b5630122f0acbf6c85bb916d5daa8f9c6 2024606 libssl-dev_0.9.8k-7ubuntu8.27_i386.deb
 f9983bfaf47b53b9280fe01d157d814b76f39ab5e8c7eab8b8d89fc40b4d4418 5889988 libssl0.9.8-dbg_0.9.8k-7ubuntu8.27_i386.deb
 9eb3ac2fd6e6d81892824c0306ed0ec02bf2571552807264dceab672fd11b56d 18529 openssl_0.9.8k-7ubuntu8.27_i386_translations.tar.gz
Files: 
 f87a546c20e6703d9be4ed84004b5aaa 401238 utils optional openssl_0.9.8k-7ubuntu8.27_i386.deb
 9736b68d44fef2482ec9ae231cc752fc 653612 doc optional openssl-doc_0.9.8k-7ubuntu8.27_all.deb
 c109052a67dfda50935928ebf203c026 3039554 libs important libssl0.9.8_0.9.8k-7ubuntu8.27_i386.deb
 2e0aa65210e7870c585bcb0596a11cd3 584064 debian-installer optional libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.27_i386.udeb
 8db3588946303437ecfdbefa3c2c560f 134052 debian-installer optional libssl0.9.8-udeb_0.9.8k-7ubuntu8.27_i386.udeb
 6aa6ee02de21695da98dba27e5f77e01 2024606 libdevel optional libssl-dev_0.9.8k-7ubuntu8.27_i386.deb
 5d16e33b4722b4ce1cc81a6038982f08 5889988 debug extra libssl0.9.8-dbg_0.9.8k-7ubuntu8.27_i386.deb
 313a9178f5f77d5dbd9e6445b5810e57 18529 raw-translations - openssl_0.9.8k-7ubuntu8.27_i386_translations.tar.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Package-Type: udeb